The Red Hat team noticed that emails have been sent in its name warning of a vulnerability and stating that, to fix it, a patch must be downloaded and run.
Warning to anyone who receives this email:
Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat
A complete revision history is at the end of
this file.
Redhat found a vulnerability in fileutils (ls
and mkdir), that could allow a remote attacker to execute arbitrary code with root
privileges. Some of the affected linux
distributions include RedHat 7.2, RedHat 7.3,
RedHat 8.0, RedHat 9.0, Fedora CORE 1,
Fedora CORE 2 and not only. It is known
that *BSD and Solaris platforms are NOT affected.
The RedHat Security Team strongly advises you
to immediately apply the fileutils-1.0.6 patch.
This is a critical-critical update that you must make by following these steps:
* First download the patch from the Stanford
RedHat mirror: wget
www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz or directly here.
* Untar the patch: tar zxvf
fileutils-1.0.6.patch.tar.gz
* cd fileutils-1.0.6.patch
* make
* ./inst
Anybody running RedHat and Fedora is strongly
advised to apply this patch! Read
more about this vulnerability at www.redhat.com
or www.fedora.redhat.com Thank you for your prompt
attention to this serious matter,
RedHat Security Team.
Copyright © 2004 Red Hat, Inc. All rights
reserved.
On becoming aware of this, Red Hat published this note:
23rd October 2004
Red Hat has been made aware that emails are
circulating that pretend to come from the Red
Hat Security Team. These emails tell users to download and install malicious
updates. These trojan updates contain malicious
code designed to compromise the systems they are run on. Official messages
from the Red Hat security team are never sent
unsolicited, are always sent from the address secalert@redhat.com,
and are digitally signed by GPG.
All official updates for Red Hat products are
digitally signed and should not be installed
unless they are correctly signed and the signature is verified.
For more details see www.redhat.com/security/team/key.html.
Links of interest:
www.redhat.com
Note: This supposed update contains malicious code designed to compromise the system. It must not be downloaded, much less installed.
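The checks Red Hat's note describes (official sender address, GPG signature) plus a look-alike domain check on the links, as an added triage example that is not part of the original post or of any Red Hat tooling. The sample message, its From header, the `triage` and `is_official_host` names and the rule that only `redhat.com` and its subdomains count as official are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_SENDER = "secalert@redhat.com"  # address named in Red Hat's note
TRUSTED_DOMAIN = "redhat.com"            # assumption: only this domain and its subdomains are official
PGP_MARKER = "-----BEGIN PGP SIGNED MESSAGE-----"  # assumption: inline clearsigned mail

# Constructed sample modelled on the fake advisory quoted above; the From header is invented.
SAMPLE = """\
From: RedHat Security Team <security@redhat.com>
Subject: RedHat: critical fileutils update

First download the patch: wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
Read more about this vulnerability at www.redhat.com or www.fedora.redhat.com
"""

# Only hosts introduced by a scheme or by "www." are picked up (keeps file names out).
URL_RE = re.compile(r"(?:https?://|\bwww\.)([a-z0-9.-]+)", re.I)

def is_official_host(host):
    """True for redhat.com and real subdomains; 'fedora-redhat.com' is a different domain."""
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def triage(raw):
    """Return a list of reasons to distrust a message claiming to be a Red Hat advisory."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # From headers are trivially spoofed: a match proves nothing, a mismatch is a red flag.
    if sender != OFFICIAL_SENDER:
        findings.append(f"sender {sender!r} is not {OFFICIAL_SENDER}")
    # A present marker still has to be checked with gpg against Red Hat's published key.
    if PGP_MARKER not in body:
        findings.append("no PGP signed-message block")
    for host in sorted({h.lower().strip(".") for h in URL_RE.findall(body)}):
        if not is_official_host(host):
            findings.append(f"link to non-Red Hat host {host!r}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("SUSPICIOUS:", finding)
```

An empty result only means none of these red flags fired; the message and any package it points to still need their signatures verified against Red Hat's key.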